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Predictive Security Intelligence for Vulnerability Management 


Today, the majority of security spending is focused on defensive or 
reactive approaches to threats. Security teams are left to deal with 
volumes of disparate data, tools that don’t communicate, and alerts 
that sound only after the damage is done. To survive, organizations 
must go on the offensive to preempt threats before it’s too late. 


The CORE Security and Qualys joint solution proactively identifies 

critical risks in the context of business objectives, operational processes, 
and regulatory mandates. Security teams can therefore predict threats 
and effectively communicate their implications to the line of business. 


Unify and Streamline Vulnerability Management 


CORE Insight™ and QualysGuard™ unify and streamline vulnerability 
management initiatives by aggregating security data from every 
corner of your organization and adding predictive security intelligence 
to identify critical exposures and associated business risks. 


The joint solution reveals how actual attackers can traverse multiple 
vulnerabilities to access your most valuable business assets. 


An Automated Process for Continuous 
Vulnerability Management 


1. Scan for Vulnerabilities with QualysGuard 


QualysGuard is a leading vulnerability management solution 
delivering discovery, profiling and assessment of the entire network. 
QualysGuard: 


e Defines policies to establish a secure IT infrastructure in 
accordance with good governance and best practices frameworks. 


e Discovers and catalogues all assets, no matter where they reside, 
inside the enterprise, on the perimeter or in the cloud. 


e Automates ongoing security assessments for your IT systems and 
web application 


The QualysGuard Security and Compliance Suite eliminates 

network auditing and compliance inefficiencies by leveraging your 
organization’s core IT security information. In one consolidated suite, 
groups with different responsibilities can utilize similar information for 
their specific needs and have Qualys results automatically be imported 
into Insight. . 


2. Plan and Simulate Threats with CORE Insight 


The Insight workflow automatically imports QuaylsGuard 
results and leverages the scan data to model attacks and reveal 
the risk they pose to your most critical business assets. 


e Discover and profile network, web and endpoint targets 
e Reveal attack paths that expose business assets 


e Identify exploits that could be used by attackers 


You can also begin assessments at this stage, since Insight can identify and 
profile targets to select appropriate tests independently of scanners. 


First and only comprehensive vulnerability 
management solution on the market 


e Combine scan, simulation, and risk tests in one solution 


e Streamlined workflow 


Get meaningful, actionable information 
e Validate vulnerability data from multiple, disparate sources 


e Pinpoint critical exposures and eliminate false positives 


Correlate vulnerabilities to business risk 
e Reveal specific assets and resources exposed to breaches 


e Report risk in context of your organizational structure, 
processes and compliance mandates 


Trace attack paths across multiple vectors 


e Demonstrate how attackers can chain vulnerabilities across 
vectors to move through your environment 


Increase team efficiency and effectiveness 
e Focus resources on addressing the most critical risks 


e Increase the scope and frequency of security assessments 
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The CORE Insight unified vulnerability management workflow. 
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3. Replicate Threats 


Insight enables you to validate if critical assets can be 
breached and understand the risk to your business — with no 
false positives. 


e Network: Exploit vulnerabilities and weak passwords 


e Web: Verify SQL injection and cross-site scripting exposures 
both before and after applications go live 


e Endpoint: Evaluate phishing awareness & endpoint defenses 
Insight can also replicate threats that move from compromising 
web applications to attacking backend network resources. 


4. Dashboards and Reporting 


Insight tracks your end-to-end risk assessment activities — 
from scanning, to modeling, to testing. 
Insight Dashboards 


e Executive: Monitor overall security posture and drill-down 
for actionable details to inform decision making 


e Tester: Configure and execute security assessment campaigns 

e Campaign: Gain in-depth information about the status and 
results of specific campaigns 

Insight Reports 


e Executive: Identify key exposures, see changes in risk 
posture, and determine where to focus resources 


e Vulnerability Validation: Pinpoint exploitable 
vulnerabilities from imported scan results 


e Campaign: Get complete details on attack paths identified, 
assets tested, and vulnerabilities confirmed — plus audit 
trails of assessment activities 


e Delta: Compare results before and after remediation 


e Trend: Track security assessments over time 


5. Remediate Vulnerabilities and Repeat Testing 


Insight provides the information you need to quickly 
address exposures — and makes it easy to confirm that 
fixes are effective. 


e Get actionable information for efficient remediation 
e Prioritize exposures and optimize resource allocation 


e Repeat testing to confirm that risks are eliminated 


Core Security Qualys 
+1 (617) 399-6980 

info@coresecurity.com 
www.coresecurity.com 


+1 (800) 745-4355 
info@qualys.com 
www.qualys.com 
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The CORE Insight Executive Dashboard enables you to track vulnerability management 
effectiveness throughout your organization. Drill-down capabilities include visualizations 
of how attacks could leverage multiple vulnerabilities to reach critical assets. 


CORE INSIGHT SECURITY TESTING EXECUTIVE REPORT 
ENTERPRISE 
IFIED EXPOSURES FOUND FROM 09/16/21 
TESTING SUMMARY EXPOSURE DISTRIBUTION 
w vw ~x Ow» 
Seattle Y Lew ~n Oro 
ve Aman ~ — Oom 
we Amm è ~ Om 
Being Anum = — 9 w» 


London v ow ~ & wane ‘ 


COMPROMISED ASSETS EXPOSURES OVER TIME 
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The Executive Report provides key metrics about your real-world security posture. 
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